From 520b2bf6346ab7019f51a0ef384eeb28af2819b4 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Fri, 12 Jul 2024 13:16:07 -0500 Subject: [PATCH] docs: add README section on untrusted input (#766) ### Changes This PR updates the README to include a new section on handling input from untrusted sources. ### References ### Testing ### Contributor Checklist - [x] I agree to adhere to the [Auth0 General Contribution Guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md). - [x] I agree to uphold the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md). --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1d504481..c40e5ace 100644 --- a/README.md +++ b/README.md @@ -102,6 +102,10 @@ print_r($auth0->getCredentials()?->user); If you have questions, the [Auth0 Community](https://community.auth0.com/) is a fantastic resource to ask questions and get help. +## Input from Untrusted Sources + +If your application accepts input from untrusted sources (such as query parameters from HTTP requests) please ensure you are following best practices for data validation and sanitization. It is your application's responsibility to ensure any data provided to the SDK is valid and safe. For more information, see the [OWASP Data Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html). + ## API Reference - [API Reference](https://auth0.github.io/auth0-PHP/) 
@@ -112,9 +116,9 @@ Our support lifecycle mirrors the [PHP release support schedule](https://www.php | SDK Version | PHP Version | Support Ends | | ----------- | ----------- | ------------ | -| 8 | 8.3 | Nov 2026 | -| | 8.2 | Nov 2025 | -| | 8.1 | Nov 2024 | +| 8 | 8.3 | Dec 2027 | +| | 8.2 | Dec 2026 | +| | 8.1 | Dec 2025 | We drop support for PHP versions when they reach end-of-life and cease receiving security fixes from the PHP Foundation. Please ensure your environment remains up to date so you can continue receiving updates for PHP and this SDK.
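Review bot: In the first hunk (README.md, new "Input from Untrusted Sources" section), the link text reads "OWASP Data Validation Cheat Sheet" but the URL targets `Input_Validation_Cheat_Sheet.html`. Use the cheat sheet's own name, "OWASP Input Validation Cheat Sheet", so the text matches the target. The paragraph also stays at the level of "best practices" and "valid and safe" without saying which values passed to the SDK are meant. The only concrete example given is "query parameters from HTTP requests", so one more sentence naming the SDK calls that commonly receive request-derived values would make the guidance actionable. A small grammar point: add a comma after the parenthetical, before "please ensure".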
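Review bot: In the second hunk (README.md support table), the "Support Ends" dates for PHP 8.3, 8.2 and 8.1 each move from Nov to Dec and forward one year, yet neither the subject line ("docs: add README section on untrusted input") nor the Changes description mentions this. Either split the table update into its own commit or add a line to the message stating the change and its source, so the history shows why the support window moved. Since the surrounding text says the lifecycle mirrors the PHP release support schedule, please confirm that all three new dates match that schedule as linked. This matters for 8.1 in particular, because its listed end date goes from Nov 2024 to Dec 2025 and the README ties SDK support to PHP still receiving security fixes.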